You collect an authorization trace as per SAP Note 1809199 and the indexserver trace file prints entries like these:

User _SYS_REPO is not allowed to grant privilege SELECT for TABLE <schema>.<table_name>User <USER> is not authorized to use VIEW _SYS_BIC.<package>/<view_name> because of missing grantable privileges on underlying objects